Licensing and patents can be used to project intellectual property (for internet
protocol addresses different procedures are followed).
Restrictive licensing and patents are not very great though as they reduce the
number of people that will examine the code. Switzerland has licensing restrictions
on commercial use of their front end:
gitlab.com/swisspost-evoting
main code is otherwise under a free license. The code is mostly Java, so
probably more accessible than Ocaml which Belenios is written in. It is
still under development, but public examination is underway, see for example:
Bryan Ford
“Auditing the Swiss Post E-voting System: An Architectural Perspective”
bford.info/pub/sec/swisspost-evoting/swisspost-evoting.pdf
Geneva had previously used a closed source voting system. However,
after publication of the study:
Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague
“Ceci n’est pas une preuve:
The use of trapdoor commitments in Bayer-Groth proofs
and the implications for the verifiabilty of the
Scytl-SwissPost Internet voting system”
openprivacy.ca/research/UniversalVerifiabilitySwissPost/
A law was passed to ensure source code is available.
>
> I do agree with the Belenios study recommendation of transparency, more
> than the cryptography scrutiny which is rather esoteric, public trust and
> openness is key.
>
> For the record, AFRINIC has used Helios for e-voting in the past which
> happens to be where Belenios is derived from.
Getting members to contribute time and resources to run Helios would have
been a better solution – Python developers are easier to find in Africa, though
the language is not as great for high security applications as compiled languages.
It would certainly advertise interest in data privacy and willingness to start
developing local solutions to local problems. Helios is not perfect, but developing
capability within Africa would certainly be worthwhile. As an example GRNET (Greeces’
version of KENET) runs Zeus, a fork of Helios:
github.com/grnet/zeus
>
> afrinic.net/community/elections/voting/online-voting
>
>
>
>
> Regards,
> David
>
>
> On Fri, 12 Sept 2025 at 13:07, Benson Muite
> wrote:
>
>> Most of the independent security vendors who audit Voatz request
>> anonymity. As the protocols
>> used are not fully specified, and as the implementation details need to be
>> reverse engineered,
>> many people in the cryptography community will not be reassured by such
>> certifications.
>>
>> It is interesting to compare the response with the study of Belenios:
>>
>> Reversing, Breaking, and Fixing the French Legislative Election E-Voting
>> Protocol
>>
>> Authors:
>> Alexandre Debant, Université de Lorraine, CNRS, Inria, LORIA, F-54000
>> Nancy, France
>> Lucca Hirschi, Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy,
>> France
>>
>> http://www.usenix.org/conference/usenixsecurity23/presentation/debant
>>
>> One recommendation from this study is:
>>
>> “Because designing and deploying e-voting solutions is a notoriously
>> difficult task,
>> we recommend promoting transparency and public scrutiny from different
>> communities (academic researchers, hackers, etc.) to detect and prevent
>> vulnerabilities as early as possible. This could be incentivized with
>> public intrusion test
>> and bug bounty programs, as done in Switzerland where open access is even
>> a legal
>> requirement.”
>>
>> On Fri, Sep 12, 2025, at 11:45 AM, David Njuki wrote:
>> > The study does date back to 2020 and there was this response from the
>> > voting platform vendor.
>> >
>> >
>> voatz.com/2020/02/13/voatz-response-to-researchers-flawed-report/
>> >
>> > I suppose it’s also important to appreciate updates and developments of
>> any
>> > software over time.
>> > Additionally, they also do publish regular security audits on their
>> > website, one being as recent as this year.
>> >
>> > voatz.com/audits/
>> >
>> > Regards,
>> > David
>> >
>> >
>> > On Fri, 12 Sept 2025 at 11:03, Benson Muite via KICTANet <
>> > [email protected]> wrote:
>> >
>> >> A study on the voting platform used in the Afrinic Elections:
>> >>
>> >> The Ballot is Busted Before the Blockchain: A Security Analysis of
>> Voatz,
>> >> the First Internet Voting Application Used in U.S. Federal Elections
>> >>
>> >> Authors:
>> >> Michael A. Specter, James Koppel, and Daniel Weitzner, MIT
>> >>
>> >> http://www.usenix.org/conference/usenixsecurity20/presentation/specter
>> >>
>> >> Kenyan Companies and Institutions listed as voting/registered to vote:
>> >>
>> >> Ace Micro Services Limited, Aaron Mbowa, CTO
>> >> AFRIQ NETWORK SOLUTIONS LIMITED, Erick Kiboi, CTO
>> >> Airtel Networks Kenya Limited, John Kiama, Director Engineering
>> >> Angani Limited, Denson Ngumo, CTO
>> >> Atlancis Technologies Limited, TONEY WEBALA, CTO
>> >> Blue Streak Horizons Net Limited, Collins Areba, CEO/Director
>> >> BULSHO FIBER LINK LIMITED, Hamza Adam, CEO
>> >> Dew CIS Solutions Limited, Dennis Gichangi, Director Marketing and
>> >> Projects
>> >> Easy BroadBand Limited, KIPLABATT NGENY, CTO
>> >> Echotel International Kenya Limited, Alfred Wandati, General Manager
>> >> Embarq Limited, Bernard Wainaina, CEO
>> >> Family Bank Ltd, Robert Wafula, Chief Information Officer
>> >> First Basics Technologies Limited, Wyclif Gura, Chief Executive Officer
>> >> Frontier Optical Networks Ltd, YVONNE WANJIRU, CHIEF EXECUTIVE OFFICER
>> >> Icon Fiber Solutions ltd, Francis Mburu, ceo
>> >> Internet Solutions (Kenya), Martin Ratemo, Managing Director
>> >> Kenya Education Network, Kennedy Aseda, Executive Director
>> >> Kenya Network Information Centre (KENIC), Fiona Ongeso, Chief Executive
>> >> Officer
>> >> KENYA POWER AND LIGHTING COMPANY PLC, Benjamin Muoki, Managing Director
>> &
>> >> CEO
>> >> Lime Emerging Solutions Limited, Job Muriuki, CEO
>> >> LINX (Internet Exchange) Kenya Limited, Joe Jefford, CTO
>> >> Liquid Telecommunications Kenya Limited, Mathew Chigwende, Chief
>> >> Technology Officer
>> >> Mawingu Networks Ltd, John Omagwa, CEO
>> >> MTN Business Kenya, Michael Paul, Managing Director Bayobab Kenya
>> >> MyISP Limited, Tony Karanja, Director/CEO
>> >> Mymanga Networks, Barnabie Opiyo, CFO
>> >> National Housing Corporation, Aswile Mlawa, ICT Manager
>> >> NEXT THING NETWORKS Limited, Martin Kyalo, CEO
>> >> Novia East Africa Ltd, Martin Mathenge Maina, CEO
>> >> NuruNet Communications Ltd, FELIX OSONGI, MANAGING DIRECTOR
>> >> SawaSawa.com, ANTHONY KAGOTHO, CHIEF EXECUTIVE OFFICER
>> >> Simbanet Com (K) Ltd, JACK ABONYO, CTO
>> >> Strathmore University, Charles Kiilur, Director ICT Services
>> >> Syokinet Solutions Limited, Ian kasyoki, CEO
>> >> Systel Limited, Mustafa Omar, CFO
>> >> Telecommunication Sevice Providers Association of Kenya – TESPOK, Fiona
>> >> Asonga, Chief Executive Officer
>> >> The International School of Kenya Limited, Jack Odunga, Director of
>> >> Technology
>> >> Travelport Services (Kenya) Limited, Onesmus Kamau, Technical Services
>> >> Manager
>> >> UAP Holdings Limited, Robert Mutero, Chief Information Officer
>> >> Unwired Communications Limited, Haggai Nyang, Technical Director
>> >> Vayacom Limited, Sarah Chepngetich, Administrative Assistant
>> >> VIJIJI CONNECT LIMITED, Fredrick Macharia, CEO
>> >> Vilcom Networks Limitedm, Elvis Chirchir, Chief Executive Officer
>> >> Wananchi Group (Kenya) Limited, Josphat Muya Kathiaka, Chief Technical
>> >> Officer
>> >> Wananchi Telecom Limited, James Kipchojo, CTO
>> >>
Read more on posts.kictanet.or.ke
